Another pmap related panic

From: Lukas Ertl <l.ertl_at_univie.ac.at>
Date: Fri, 22 Aug 2003 10:14:11 +0200 (CEST)
Hi,

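I got another pmap-related panic on my HTT SMP machine.  If I'm not reading
this completely wrong, it dies again when dereferencing the pointer returned
by pmap_pte_quick(): the faulting instruction is a load through %eax, and the
saved tf_eax in the trap frame below (-1077274252, i.e. 0xbfca1974) equals
the reported fault virtual address.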

Kernel is:  5.1-CURRENT FreeBSD 5.1-CURRENT #23: Thu Aug 21 21:19:53 CEST
2003

NB: the other panic that I saw frequently can be found at
<http://lists.freebsd.org/pipermail/freebsd-current/2003-August/008573.html>.

Ok, but now for the new one:

Stopped at      pmap_clear_modify+0x93: movl    0(%eax),%esi
db> where
pmap_clear_modify(c1863d60,200,0,dfb50bb8,c0254ce2) at pmap_clear_modify+0x93
swp_pager_async_iodone(d28d2cc0,c020b771,c63f9040,3618c5b3,4c) at swp_pager_async_iodone+0x208
bufdone(d28d2cc0,0,0,0,c03f4100) at bufdone+0x141
bufdonebio(d28d2cc0,dfb50c44,c01c8842,c21c2120,c6d78630) at bufdonebio+0x5e
biodone(d28d2cc0,c039bdc9,c6d78630,d28d2cc0,0) at biodone+0xcc
g_dev_done(c6d78630,c21c9e40,0,0,4) at g_dev_done+0x8a
biodone(c6d78630,0,24c,c039b711,a) at biodone+0xcc
g_io_schedule_up(c21c9e40,c60931e4,dfb50d34,c01ecb31,0) at g_io_schedule_up+0xb8
g_up_procbody(0,dfb50d48,0,0,0) at g_up_procbody+0x28
fork_exit(c01c9180,0,dfb50d48) at fork_exit+0xb1
fork_trampoline() at fork_trampoline+0x8
--- trap 0x1, eip = 0, esp = 0xdfb50d7c, ebp = 0 ---

Script started on Fri Aug 22 09:59:55 2003
[root_at_newscore crash]# gdb -k kernel.7 vmcore.7
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic messages:
---
Fatal trap 12: page fault while in kernel mode
cpuid = 3; lapic.id = 07000000
fault virtual address	= 0xbfca1974
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc035f443
stack pointer	        = 0x10:0xdfb50b6c
frame pointer	        = 0x10:0xdfb50b84
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 3 (g_up)
Dumping 1023 MB
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496 512 528 544 560 576 592 608 624 640 656 672 688 704 720 736 752 768 784 800 816 832 848 864 880 896 912 928 944 960 976 992 1008
---
Reading symbols from /usr/obj/usr/src/sys/NEWSCORE/modules/usr/src/sys/modules/acpi/acpi.ko.debug...done.
Loaded symbols for /usr/obj/usr/src/sys/NEWSCORE/modules/usr/src/sys/modules/acpi/acpi.ko.debug
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
240		dumping++;
(kgdb) where
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
#1  0xc01494e5 in db_fncall (dummy1=0, dummy2=0, dummy3=1999,
    dummy4=0xdfb50950 "àR>Àh\201BÀl\tµß\r")
    at /usr/src/sys/ddb/db_command.c:548
#2  0xc0149232 in db_command (last_cmdp=0xc03e4980, cmd_table=0x0,
    aux_cmd_tablep=0xc03b5ee4, aux_cmd_tablep_end=0xc03b5ee8)
    at /usr/src/sys/ddb/db_command.c:346
#3  0xc0149375 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
#4  0xc014c395 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:73
#5  0xc03479dc in kdb_trap (type=12, code=0, regs=0xdfb50b2c)
    at /usr/src/sys/i386/i386/db_interface.c:172
#6  0xc0361de6 in trap_fatal (frame=0xdfb50b2c, eva=0)
    at /usr/src/sys/i386/i386/trap.c:813
#7  0xc0361a92 in trap_pfault (frame=0xdfb50b2c, usermode=0, eva=3217693044)
    at /usr/src/sys/i386/i386/trap.c:732
#8  0xc03615ed in trap (frame=
      {tf_fs = -959840232, tf_es = 330235920, tf_ds = -464322544, tf_edi = -1077274252, tf_esi = 963957765, tf_ebp = -541783164, tf_isp = -541783208, tf_ebx = -580143472, tf_edx = 330260480, tf_ecx = -464297340, tf_eax = -1077274252, tf_trapno = 12, tf_err = 0, tf_eip = -1070205885, tf_cs = 8, tf_eflags = 66050, tf_esp = -959834192, tf_ss = 677761024}) at /usr/src/sys/i386/i386/trap.c:417
#9  0xc0349418 in calltrap () at {standard input}:103
#10 0xc03090b8 in swp_pager_async_iodone (bp=0x3974d405)
    at /usr/src/sys/vm/swap_pager.c:1549
#11 0xc0253311 in bufdone (bp=0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:3088
#12 0xc025317e in bufdonebio (bp=0x0) at /usr/src/sys/kern/vfs_bio.c:3035
#13 0xc0252f3c in biodone (bp=0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:2959
#14 0xc01c640a in g_dev_done (bp2=0xc6d78630)
    at /usr/src/sys/geom/geom_dev.c:380
#15 0xc0252f3c in biodone (bp=0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:2959
#16 0xc01c8f88 in g_io_schedule_up (tp=0xc21c9e40)
    at /usr/src/sys/geom/geom_io.c:371
#17 0xc01c91a8 in g_up_procbody () at /usr/src/sys/geom/geom_kern.c:92
#18 0xc01ecb31 in fork_exit (callout=0xc01c9180 <g_up_procbody>, arg=0x0,
    frame=0x0) at /usr/src/sys/kern/kern_fork.c:796
(kgdb) fr 10
#10 0xc03090b8 in swp_pager_async_iodone (bp=0x3974d405)
    at /usr/src/sys/vm/swap_pager.c:1549
1549				pmap_clear_modify(m);
(kgdb) list
1544				/*
1545				 * For write success, clear the modify and dirty
1546				 * status, then finish the I/O ( which decrements the
1547				 * busy count and possibly wakes waiter's up ).
1548				 */
1549				pmap_clear_modify(m);
1550				vm_page_undirty(m);
1551				vm_page_io_finish(m);
1552				if (!vm_page_count_severe() || !vm_page_try_to_cache(m))
1553					pmap_page_protect(m, VM_PROT_READ);
(kgdb) bt full
#0  doadump () at /usr/src/sys/kern/kern_shutdown.c:240
No locals.
#1  0xc01494e5 in db_fncall (dummy1=0, dummy2=0, dummy3=1999,
    dummy4=0xdfb50950 "àR>Àh\201BÀl\tµß\r")
    at /usr/src/sys/ddb/db_command.c:548
	fn_addr = -1071629680
	args = {0 <repeats 11 times>}
	nargs = 11
	retval = 0
	func = (fcn_10args_t *) 0xc0203a90 <doadump>
	t = 0
#2  0xc0149232 in db_command (last_cmdp=0xc03e4980, cmd_table=0x0,
    aux_cmd_tablep=0xc03b5ee4, aux_cmd_tablep_end=0xc03b5ee8)
    at /usr/src/sys/ddb/db_command.c:346
	cmd = (struct command *) 0xc03bb9c0
	t = 0
	modif = "àR>Àh\201BÀl\tµß\r\0\0\0àlAÀ\r\0\0\0\001\0\0\0\214\tµß&Ø3ÀàR_at_À\aK\0 `mAÀ`Ë?ÀàR>Àx\0\0\0àR>Àh\201BÀ°\tµßq±\024À\214±8À ¯\024À\0\0\0\0\020\0\0\0h\201BÀàR>À\206¨\024ÀàR>À\230J>Àx\0\0\0\020\0\0"
	addr = 0
	count = 1999
	have_addr = 0
	result = 0
#3  0xc0149375 in db_command_loop () at /usr/src/sys/ddb/db_command.c:472
No locals.
#4  0xc014c395 in db_trap (type=12, code=0) at /usr/src/sys/ddb/db_trap.c:73
	bkpt = 0
#5  0xc03479dc in kdb_trap (type=12, code=0, regs=0xdfb50b2c)
    at /usr/src/sys/i386/i386/db_interface.c:172
	ef = 582
	ddb_mode = 1
#6  0xc0361de6 in trap_fatal (frame=0xdfb50b2c, eva=0)
    at /usr/src/sys/i386/i386/trap.c:813
	code = 16
	type = 12
---Type <return> to continue, or q <return> to quit---
	ss = 16
	esp = 0
	softseg = {ssd_base = 0, ssd_limit = 1048575, ssd_type = 27,
  ssd_dpl = 0, ssd_p = 1, ssd_xx = 11, ssd_xx1 = 0, ssd_def32 = 1,
  ssd_gran = 1}
#7  0xc0361a92 in trap_pfault (frame=0xdfb50b2c, usermode=0, eva=3217693044)
    at /usr/src/sys/i386/i386/trap.c:732
	va = 3217690624
	vm = (struct vmspace *) 0x0
	map = 0x1
	rv = 1
	ftype = 1 '\001'
	td = (struct thread *) 0xc21c9e40
	p = (struct proc *) 0xc60931e4
#8  0xc03615ed in trap (frame=
      {tf_fs = -959840232, tf_es = 330235920, tf_ds = -464322544, tf_edi = -1077274252, tf_esi = 963957765, tf_ebp = -541783164, tf_isp = -541783208, tf_ebx = -580143472, tf_edx = 330260480, tf_ecx = -464297340, tf_eax = -1077274252, tf_trapno = 12, tf_err = 0, tf_eip = -1070205885, tf_cs = 8, tf_eflags = 66050, tf_esp = -959834192, tf_ss = 677761024}) at /usr/src/sys/i386/i386/trap.c:417
	td = (struct thread *) 0xc21c9e40
	p = (struct proc *) 0xc60931e4
	sticks = 3256655424
	i = 0
	ucode = 0
	type = 12
	code = 0
	eva = 3217693044
#9  0xc0349418 in calltrap () at {standard input}:103
No locals.
#10 0xc03090b8 in swp_pager_async_iodone (bp=0x3974d405)
    at /usr/src/sys/vm/swap_pager.c:1549
	m = 0xdd6bb690
	i = -1077274252
	object = 0xc6b0f784
---Type <return> to continue, or q <return> to quit---
#11 0xc0253311 in bufdone (bp=0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:3088
	biodone = (void (*)(struct buf *)) 0
#12 0xc025317e in bufdonebio (bp=0x0) at /usr/src/sys/kern/vfs_bio.c:3035
No locals.
#13 0xc0252f3c in biodone (bp=0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:2959
No locals.
#14 0xc01c640a in g_dev_done (bp2=0xc6d78630)
    at /usr/src/sys/geom/geom_dev.c:380
	bp = (struct bio *) 0xd28d2cc0
#15 0xc0252f3c in biodone (bp=0xd28d2cc0) at /usr/src/sys/kern/vfs_bio.c:2959
No locals.
#16 0xc01c8f88 in g_io_schedule_up (tp=0xc21c9e40)
    at /usr/src/sys/geom/geom_io.c:371
	bp = (struct bio *) 0xd28d2cc0
	mymutex = {mtx_object = {lo_class = 0xc03c9eec,
    lo_name = 0xc039c365 "g_xup", lo_type = 0xc039c365 "g_xup",
    lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0},
    lo_witness = 0x0}, mtx_lock = 3256655424, mtx_recurse = 0, mtx_blocked = {
    tqh_first = 0x0, tqh_last = 0xdfb50cd4}, mtx_contested = {le_next = 0x0,
    le_prev = 0x0}}
#17 0xc01c91a8 in g_up_procbody () at /usr/src/sys/geom/geom_kern.c:92
	p = (struct proc *) 0x0
	tp = (struct thread *) 0xc21c9e40
#18 0xc01ecb31 in fork_exit (callout=0xc01c9180 <g_up_procbody>, arg=0x0,
    frame=0x0) at /usr/src/sys/kern/kern_fork.c:796
	p = (struct proc *) 0xc60931e4
	td = (struct thread *) 0x0
(kgdb) l *pmap_clear_modify+0x93
0xc035f443 is in pmap_clear_modify (/usr/src/sys/i386/i386/pmap.c:2836).
2831				continue;
2832			}
2833	#endif
2834
2835			pte = pmap_pte_quick(pv->pv_pmap, pv->pv_va);
2836			pbits = *pte;
2837			if (pbits & bit) {
2838				if (bit == PG_RW) {
2839					if (pbits & PG_M) {
2840						vm_page_dirty(m);
(kgdb) quit
[root_at_newscore crash]# exit

Script done on Fri Aug 22 10:01:07 2003

-- 
Lukas Ertl                             eMail: l.ertl_at_univie.ac.at
UNIX Systemadministrator               Tel.:  (+43 1) 4277-14073
Vienna University Computer Center      Fax.:  (+43 1) 4277-9140
University of Vienna                   http://mailbox.univie.ac.at/~le/
Received on Thu Aug 21 2003 - 23:14:35 UTC
